It’s Winter Olympics time. I love watching them, especially safely ensconced in the American Southwest where we don’t have to deal with the snow and ice associated with the winter sports. Speed skating, (real) Biathlon, Hockey, Downhill and XC skiing, and all the rest of it. But my friend the sports curmudgeon complains about sports that rely on […]

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same […]

In my Changeup post the other day, I mentioned that my colleague Paul Henry had saved an organization an estimated $10M (or roughly 15%) in market cap by showing that an intrusion had no material impact. That got me to thinking: what *is* the typical market impact of a breach? And furthermore, how good are […]

How would you feel if a restaurant, hotel or retailer knew your information had been compromised, but you didn’t find out until fraudulent charges started appearing on your credit card? Or if a company you had invested tens of thousands of dollars in didn’t let you know that it had suffered a data breach? Not […]

The last time we looked at healthcare data breaches was a couple of years ago, so I thought maybe we should take another look. A listing of breaches of unsecured protected health information (PHI) affecting 500 or more individuals is maintained, as mandated by the HITECH Act, by the US Department of Health and Human […]

Updates to the Vermont Data Protection and Breach Notification laws came into effect in May 2012. As readers of my posts know (yo G!), although I seem to play one in this blog, IANAL. With that said, since these laws seem to cover any business in the US and beyond, you should take a quick […]

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency. For some tips, we […]

We’re back with part II in our podcast series on security versus operations with Mike Rothman, president and analyst with Securosis. In this post, Mike and I will discuss getting back to the basics of endpoint security, as small and mid-size organizations should not even consider employing in-depth cyber security measures until they have the […]

The 2011 RSA Security Conference came to an end last week, and this year, the most memorable thing for me was the San Francisco dim sum. I didn’t see or hear anything groundbreaking on the exhibit floor, but there were definitely a few notable shifts on the “security buzzword” scene. From my perspective, “compliance” […]

Last week I participated in an interesting roundtable discussion with Michael Rasmussen from Corporate Integrity and my fellow blogger Paul Henry. We were discussing how to secure the nation’s critical infrastructure – a topic which is relevant to organizations which own or operate critical infrastructure (which, according to the 2009 National Infrastructure Protection Plan (PDF), […]

As I mentioned in my last post, after quite a bit of overseas travel recently, I observed a few trends that apply globally – at its core, what trends are driving technology trends in IT environments, today? In addition to the platform-centric approach being firmly planted both here and overseas and the efficiency of agents […]

A few things I learned while on the road in the past couple of weeks: 1. The platform-centric approach is firmly planted both here and overseas; 2. The efficiency of agents on the endpoint is increasingly under the microscope; 3. Application whitelisting is truly hitting a global tipping point; 4. Compliance costs continue to be […]

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China—against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a […]

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and […]

More than six years after President Bush signed the Fair and Accurate Credit Transactions Act of 2003 (FACTA), it appears that the Federal Trade Commission (FTC) is finally ready to put the hammer down on the long-delayed Red Flags Rule provision of the law. Designed to prompt businesses that extend credit to customers to pay […]